Firewall Updates

The desktop firewall policy has been updated for the most recent Java release:

  • Exceptions for Java 8u71 (two versions back) have been removed
  • Exceptions for Java 8u77 (latest version) have been added

Java 8u77 released last Wednesday (the 23rd), the fleet should be getting rolled to the new version this coming Tuesday evening as part of our normal update process.

Locky Mitigation

GPOs to mitigate Locky (a newer piece of ransomware that encrypts files) will be implemented at the end of the day for the following units:

Academic Affairs
Academic Programs
Alumni Relations
Board of Trustees
Counseling and Psychological Services
Enrollment Management
Finance and Administration
Financial Aid and Scholarships
Graduate School
Information Services
Institutional Research
International Programs
Office of Admissions
Office of Audit Services
Office of the General Counsel
Office of the President
Office of the Provost
Office of the Registrar
Research Office
Student Affairs
Student Life
Undergraduate Studies
University Shared Services Enterprise

The specific settings that the GPOs enforce are:

  • VBA Macros that are not digitally signed are not able to execute (no notification is provided, it’s as if it wasn’t there at all)
  • VBA Macros that are digitally signed are disabled by default, but the notification bar will be displayed to allow the user to enable the content
  • 2016 only: Word/Excel/Powerpoint files from the internet are not able to run macros at all

For unsigned macros that need to run, there are two routes to get things enabled:

Option one: digitally sign the macros. Folks can request a code signing cert via the process at
Once the macro is signed, it will be able to run normally.

Option two: put the file in question in a trusted location. Trusted locations should be used as sparingly as possible. Never set up the built in downloads/documents/other common folders as trusted, as it means all outside files will be trusted by default!

To add a trusted location to any office application:

File -> Options
Click on the Trust Center heading on the left
Click on the Trust Center Settings… button to open the trust center
Click on the Trusted Locations heading on the left
If you will be adding a network location, you must check the “Allow Trusted Locations on my network (not recommended)” box first
Click on the Add new location…
Enter the path to the trusted folder, or browse to it
If subfolders of that folder should also be trusted, there is an option for that
(optional) Enter a description
Click on OK/OK/OK to close out of the Trust Center
Reopen any documents in the newly trusted locations1 2 3

Access 2010 patch removal – March 22, 2016 – evening


Access 2010 bad patch (KB3085515) removal. With the patch in place, customers are NOT able to utilize their Access 2010 database files.

The impacted customers will be sent an e-mail, based on distribution lists created by David and Keenan.


Tuesday March 22nd, starting at 10pm


Remove the bad patch that Microsoft pushed out. Allow customers to use their Access databases from Access 2010.

Completed internally

Tested on CN test machine with Access 2010.

Keenan worked with customers to test the removal process developed by Jim Galloway.


Customers that have Access 2010 currently.

Access 2010 does NOT restart.

Computer does NOT restart.

List of customer machines –

\\\SCCMStaging\Office Patches\KB3085515 Removal\office_x86.xlsx

Master ticket

Milne 213 Welcome

A few important things to make you aware of in our new space:
  • Before putting up any decorations or moving furniture, etc., please check with me or Max Cohen. Our space is shared now with other staff in Client Services. As such, we have a little less latitude about decorations and such. Keep it clean and professional.
  • Break room: the break room is downstairs next to the rest rooms. There is a key for students (and a check out form) hanging up in the inner office at the bench. Also, all full-timers have a key to that door.
  • Door access: Lucas is working on getting us electronic access to the 213 door. For now we have been leaving it propped open while staff are here, but once we all have door access it will be locked 24×7.
  • Supplies: There are some kitchen type supplies (napkins, utensils, plates) in the drawers across from my cube. There are also some office supplies (pens, sticky notes, tape, staplers, printer paper) located there. Miscellaneous hardware such as cables and computer parts are located in the large gray cabinets in the back office. Note: we are still getting settled in and things are likely to keep moving around for a bit. Come ask me if you can’t find something.
  • Printer: Will be set up as \\\MCC-213-HP-LaserJet-P3015 as soon as the port gets set to the correct VLAN. For now you can print to it at:

Let me know if you have any questions, concerns, ideas, existential angst, etc.

Welcome to Milne.  🙂

Referral Tool – Base Team – New ticket creation template – Monday March 7th at 4pm



A new template for new ticket creations from the Base Team button on Referral tool. See attachments.

This template has the following data and it’s expected that you fill in that information.

Problem Description: 

Machine info 
Inventory ID (if existing equipment):
Device type (laptop, desktop, phone, tablet, etc.):
Device OS:

Printer info (if applicable):
IP address:
Make, model:

Actions/troubleshooting I performed: 

Currently in progress: 

Left to do:

Who does this impact?

Anyone that makes tickets that go into the Base Team queue.


Today, Monday March 7th at 4pm


Additional details are helpful for everyone involved – machine details help people visiting the customer know what they are looking for, need to transport, what type of equipment the customer is using, etc.

The template makes is easier to find that information too and pass it off to another person as needed.RefTool - base team new ticket template - COHO RefTool - base team new ticket template